Ok, here's another problem I have had for way too long now and I want to fix.

Here's the scenario: I have got a limited shell on a server in a lab through a web application vulnerability.

By "limited shell", I mean:
- The shell doesn't give me any output on the screen and I cannot output results of commands in a file
- I can change directory and list files (using a second ASP shell), but that's about it.
- I am able to ftp files/modify files into the web root directory (for example, I have uploaded nc.exe in C:\inetpub\wwwroot)

I have tried 5 or 6 different ASP shells, but couldn't get much more out of it.

So what approach should I take at this point? Write my own ASP shell code? Focus on trying to get a full shell (for example, using netcat somehow)? Maybe priv escalation (I don't think so at this point, but I could be wrong)

I really just need a direction so I can continue working on a solution...

H1t M0nk3y wrote:
Ok, here's another problem I have had for way too long now and I want to fix.

Here's the scenario: I have got a limited shell on a server in a lab through a web application vulnerability.

By "limited shell", I mean:
- The shell doesn't give me any output on the screen and I cannot output results of commands in a file
- I can change directory and list files (using a second ASP shell), but that's about it.
- I am able to ftp files/modify files into the web root directory (for example, I have uploaded nc.exe in C:\inetpub\wwwroot)

I have tried 5 or 6 different ASP shells, but couldn't get much more out of it.

So what approach should I take at this point? Write my own ASP shell code? Focus on trying to get a full shell (for example, using netcat somehow)? Maybe priv escalation (I don't think so at this point, but I could be wrong)

I really just need a direction so I can continue working on a solution...

Methodology-wise, I'd skip the fancy shells and just see if a basic script works. Something like executing the value of a GET variable called cmd and output it to the screen. The web service account should at least be able to output a directory listing. If not, there may be something else quirky going on.
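
Seen from the defender's side, a basic script that executes a GET variable called cmd leaves a recognizable trace in the IIS request log. The following is an added example, not part of the original thread, that scans W3C-format log lines for such requests; the sample log lines, file names, parameter-name list and command patterns are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 10:00:01 10.0.0.5 GET /index.asp id=4 200
2024-01-10 10:02:13 10.0.0.9 GET /upload/test.asp cmd=dir+C%3A%5Cinetpub%5Cwwwroot 200
2024-01-10 10:02:40 10.0.0.9 GET /upload/test.asp cmd=C%3A%5Cinetpub%5Cwwwroot%5Cnc.exe+-h 200
2024-01-10 10:03:02 10.0.0.7 GET /search.asp q=netcat+tutorial 200
2024-01-10 10:04:00 10.0.0.9 GET /images/logo.gif - 200
2024-01-10 10:05:10 10.0.0.9 GET /upload/s.asp x=whoami 200
"""

# Assumed heuristics: parameter names typical of simple command scripts,
# and decoded values that look like Windows command lines.
SUSPECT_PARAMS = {"cmd", "exec", "command"}
COMMAND_VALUE = re.compile(
    r"(?i)(^|[\\\s])(cmd|nc|net|whoami|ipconfig)(\.exe)?(\s|$)|^dir(\s|$)")

def find_command_requests(log_text):
    """Return (c-ip, uri-stem, param, decoded value) for suspicious script requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        if not stem.endswith((".asp", ".aspx")):
            continue                       # only server-side script pages
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue                       # IIS logs "-" for an empty query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in SUSPECT_PARAMS or COMMAND_VALUE.search(value):
                hits.append((row.get("c-ip"), stem, name, value))
    return hits

if __name__ == "__main__":
    for hit in find_command_requests(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded value as well as the parameter name catches scripts that rename the variable, while the benign search for "netcat tutorial" is not flagged.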